diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index eb02d1c0e29..9baf6e68013 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,6 +1,4 @@
 class ApplicationController < ActionController::Base
- helper_method :probably_authenticated?
-
 def route_not_found
 render file: Rails.root.join("public","404.html"), layout: false, status: 404
 end
@@ -20,11 +18,4 @@ def append_info_to_payload(payload)
 payload[:remote_ip] = request.remote_ip
 payload[:user_agent] = request.user_agent
 end
-
-
- # When you login to Buildkite, we set this cookie as an indicator for other
- # services that the user *may* be logged in.
- def probably_authenticated?
- request.cookie_jar[:bk_logged_in] == "true"
- end
 end
diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb
index fdd6343070d..a624c562e11 100644
--- a/app/controllers/pages_controller.rb
+++ b/app/controllers/pages_controller.rb
@@ -3,12 +3,15 @@ class PagesController < ApplicationController
 layout :layout_by_path
 def index
- @nav = default_nav
+ expires_in 5.minutes, public: true, must_revalidate: true
+ @nav = default_nav
 render :index, layout: "homepage"
 end
 def show
+ expires_in 5.minutes, public: true, must_revalidate: true
+ @nav = default_nav
 @page = Page.new(view_context, params[:path])
@@ -21,6 +24,7 @@ def show
 redirect_to "/docs/#{@page.canonical_url}", status: :moved_permanently
 end
+ # Otherwise, render the page (the default)
 end
diff --git a/app/views/application/_algolia.html.erb b/app/views/application/_algolia.html.erb
index d34d8492103..9aeb67c8988 100644
--- a/app/views/application/_algolia.html.erb
+++ b/app/views/application/_algolia.html.erb
@@ -1,4 +1,4 @@
-<%= javascript_tag nonce: true do %>
+<%= javascript_tag do %>
 /* This api key is intentionally public */
 docsearch({
 apiKey: '<%= algolia_api_key %>',
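Review bot: `expires_in 5.minutes, public: true, must_revalidate: true` is now duplicated verbatim in `index` and `show` in the pages_controller hunk; a single `before_action { expires_in 5.minutes, public: true, must_revalidate: true }` on the controller keeps the two actions in step and gives one place to document the caching contract. Marking these responses `public` is only sound because the same commit removes the cookie-derived `probably_authenticated?` state from the layout, so any per-user content added to these pages later would be served to other visitors from a shared cache; a comment next to the directive should record that constraint, e.g. `# Served from shared caches for 5 minutes: nothing rendered here may depend on the request's cookies.` Whether these responses still carry a session `Set-Cookie` header, and how the CDN treats that, is not visible in this hunk and is worth confirming. `show` continues outside the hunk.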
diff --git a/app/views/application/_analytics.html.erb b/app/views/application/_analytics.html.erb index 3fbce81edcf..d720bf607a5 100644 --- a/app/views/application/_analytics.html.erb +++ b/app/views/application/_analytics.html.erb @@ -1,5 +1,5 @@ -<%= javascript_tag nonce: true do %> +<%= javascript_tag do %> var getFirstSource = function() { const firstSourceCookie = '_first_lead_source', firstReferrerCookie = '_first_referrer', @@ -76,7 +76,7 @@ var getFirstSource = function() { <% end %> -<%= javascript_tag nonce: true do %> +<%= javascript_tag do %> !function(){var analytics=window.analytics=window.analytics||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","reset","group","track","ready","alias","debug","page","once","off","on","addSourceMiddleware","addIntegrationMiddleware","setAnonymousId","addDestinationMiddleware"];analytics.factory=function(e){return function(){var t=Array.prototype.slice.call(arguments);t.unshift(e);analytics.push(t);return analytics}};for(var e=0;e";;analytics.SNIPPET_VERSION="4.15.3"; analytics.load("<%= ENV['SEGMENT_TRACKING_ID'] %>"); analytics.page({ diff --git a/app/views/application/_footer.html.erb b/app/views/application/_footer.html.erb index 9185ec0159c..c850c320736 100644 --- a/app/views/application/_footer.html.erb +++ b/app/views/application/_footer.html.erb 
@@ -45,9 +45,9 @@
 <% unless hide_feedback %>
 <% emojicom_campaign_id = Rails.env.production? ? '7O7Rc8JaykqXiCmaqe1C' : 'YeriBgQjRQmOU3br2W1g' %>
- <%= javascript_tag nonce: true do %>
+ <%= javascript_tag do %>
 window.emojicom_widget = { campaign: "<%= emojicom_campaign_id %>" };
 <% end %>
- <%= javascript_include_tag 'https://cdn.emojicom.io/embed/widget.js', async: true, nonce: true %>
+ <%= javascript_include_tag 'https://cdn.emojicom.io/embed/widget.js', async: true %>
 <% end %>
diff --git a/app/views/application/_global_links.html.erb b/app/views/application/_global_links.html.erb
index 35b7f2546ce..6bc0e1a66ba 100644
--- a/app/views/application/_global_links.html.erb
+++ b/app/views/application/_global_links.html.erb
@@ -12,16 +12,10 @@
- <% if probably_authenticated? %> - - <% else %> -
  • - <%= link_to "Login", "https://buildkite.com/login", class: "Button Button--link Button--small" %> -
  • - - <% end %> +
  • + <%= link_to "Login", "https://buildkite.com/login", class: "Button Button--secondary Button--small" %> +
• +
diff --git a/app/views/application/_head.html.erb b/app/views/application/_head.html.erb
index a682d1fa8aa..caa52d9b98c 100644
--- a/app/views/application/_head.html.erb
+++ b/app/views/application/_head.html.erb
@@ -10,9 +10,7 @@
 <%= stylesheet_link_tag "docsearch", "application", media: "all" %>
-<%= javascript_include_tag "docsearch", nonce: true %>
-
-<%= csp_meta_tag %>
+<%= javascript_include_tag "docsearch" %>
@@ -35,7 +33,7 @@
-<%= render 'analytics', application: 'docs', title: "Docs / #{content_for(:page_title)}", logged_in: probably_authenticated? %>
+<%= render 'analytics' %>
 <% if ENV.fetch("ROBOTS_NO_INDEX") { "false" } == "true" %>
diff --git a/app/views/application/_helpscout.html.erb b/app/views/application/_helpscout.html.erb
index 2f20cc8b79c..6ddb7eb7ae3 100644
--- a/app/views/application/_helpscout.html.erb
+++ b/app/views/application/_helpscout.html.erb
@@ -1,4 +1,4 @@
-<%= javascript_tag nonce: true do -%>
+<%= javascript_tag do -%>
 !function(e,t,n){function a(){var e=t.getElementsByTagName("script")[0],n=t.createElement("script");n.type="text/javascript",n.async=!0,n.src="https://beacon-v2.helpscout.net",e.parentNode.insertBefore(n,e)}if(e.Beacon=n=function(t,n,a){e.Beacon.readyQueue.push({method:t,options:n,data:a})},n.readyQueue=[],"complete"===t.readyState)return a();e.attachEvent?e.attachEvent("onload",a):e.addEventListener("load",a,!1)}(window,document,window.Beacon||function(){}); window.Beacon('init', "<%= ENV.fetch('HELPSCOUT_BEACON_ID', "1d032e87-e8df-4c7f-a423-a6825b9752a2")%>");
 <% end %>
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index f6a99db9019..1565223306a 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -32,6 +32,7 @@
 policy.script_src(
 :self,
+ :unsafe_inline,
 "https://www.googletagmanager.com/",
 "https://cdn.segment.com/",
 "https://cdn.emojicom.io/",
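Review bot: Adding `:unsafe_inline` to `policy.script_src` (the `+ :unsafe_inline,` line of the content_security_policy.rb hunk) re-allows every inline script and inline event handler the browser encounters, so the policy no longer blocks injected inline script, which is the main thing a script-src policy provides; the same weakening is spread over the `nonce: true` removals in the _algolia, _analytics, _footer, _head and _helpscout hunks and the nonce generator dropped in the next hunk, so I am raising it once here. The trade appears to be for publicly cacheable responses, but hash sources are the cache-friendly alternative: the inline bodies in those partials look fixed per deployment (ENV values and constants), so their `'sha256-…'` digests could be listed as literal source strings in `script_src` in place of `:unsafe_inline`, and they must replace it rather than sit beside it, since browsers ignore `'unsafe-inline'` whenever a nonce or hash source is present. `report_uri` is kept, but inline injections will no longer produce violation reports, so the report stream will not show this class of problem. At minimum the line deserves a comment recording why it is there, e.g. `# Allows the inline snippets in app/views/application/*.html.erb; nonces were dropped so pages can be cached publicly — prefer sha256 hashes if those snippets stay static.` The `policy.script_src(` call continues outside the hunk.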
@@ -69,9 +70,6 @@
 policy.report_uri "/_csp-violation-reports"
 end
-# We use nonce for inline scripts
-Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
-
 # Report CSP violations to a specified URI
 # For further information see the following documentation:
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only